Project

Around Notes - Infrastructure and Compliance

I led end-to-end AWS infrastructure and CI/CD pipelines for Around Notes, achieving HIPAA and SOC 2 readiness in the last 6 months.

  • AWS
  • HIPAA
  • SOC 2
  • CI/CD
  • SRE
Key outcomes
  • HIPAA + SOC 2 readiness foundation with audit-grade logging and encryption controls.
  • Repeatable multi-environment deployment using nested CloudFormation and GitHub Actions.
  • Resilient request path from DNS to ECS with Multi-AZ data and queues.
Role and stack
  • SRE / Infrastructure Lead
  • HIPAA + SOC 2 readiness
  • AWS + CloudFormation
  • CI/CD automation

Architecture overview

High-level diagram showing the main production flow, telemetry paths, and compliance-oriented services.

Key: Solid = request/data path. Dashed = control + telemetry. Thin solid = CI/CD automation.
Key points
  • Request path: Route 53 routes traffic through ALB to ECS services.
  • Data layer: ECS services use Multi-AZ RDS, Redis cache, and SQS queues.
  • Controls: IAM + KMS with CloudWatch/CloudTrail for monitoring and auditability.
Core components
  • Route 53
  • CloudFront
  • Elastic Load Balancing (ALB)
  • Elastic Container Service (ECS)
  • RDS
  • S3
  • CloudWatch

SRE approach

Reliability architecture
  • Network: VPC with public/private subnets, NAT gateways, and flow logs.
  • Compute: ECS services behind an ALB with autoscaling.
  • Data: Multi-AZ RDS, Redis, and SQS for resilient workloads.
Security and compliance
  • Encryption: KMS-backed encryption for S3 and data stores.
  • Identity: Least-privilege IAM with scoped access policies.
  • Auditability: CloudTrail retention, GuardDuty, Inspector, and alarms.
Operational excellence
  • IaC: Nested CloudFormation stacks for repeatable environments.
  • CI/CD: GitHub Actions for deployments and infrastructure security checks.
  • Ops: DNS automation and secure rotation procedures for services.

Results

  • Compliance-ready logging
  • Repeatable multi-environment deployments
  • Production-ready foundation
  • Incident-ready observability

The platform now has a compliance-ready foundation and a repeatable delivery path that reduces manual deployment work while improving visibility and incident readiness.

Outcome

A secure, scalable infrastructure foundation aligned with HIPAA and SOC 2 readiness requirements.

How

Infrastructure codified in CloudFormation with CI/CD automation and centralized observability.

Project URL

Public marketing site and entry point to the authenticated app.

Marketing site: aroundnotes.ai

Lessons learned

Building Around Notes from scratch reinforced the value of modular infrastructure and compliance-first design. Aligning network, compute, and security controls early made it easier to scale features and meet HIPAA and SOC 2 readiness goals.